A vulnerability has been identified in Asterisk, which can be exploited by malicious people to perform arbitrary database operations on a vulnerable system.
The vulnerability is caused due to an input validation error in the CDR (Call Detail Records) logging functionality when handling the "CallerID" string. This can be exploited via a SQL injection attack to execute arbitrary SQL code by supplying a specially crafted "CallerID".
Solution: The vendor issued an updated CVS version on 9th of September 2003.
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to email@example.com